A pharmacy has been fined £275,000 in the first use of fining powers under the General Data Protection Regulations (GDPR).
The UK data protection regulator, the Information Commissioner’s Office (ICO), has fined Doorstep Dispensaree Ltd £275,000 for failing to ensure the security of special category data.
The ICO investigated the pharmacy after it was alerted to the insecurely stored documents by the Medicines and Healthcare Products Regulatory Agency, which was carrying out a separate inquiry.
Doorstep Dispensaree Ltd, left some 500,000 documents relating to patients in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, medical information, NHS numbers and prescription information.
You can read the full penalty notice below